sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 00:04:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

changes regarding dynamic content recognition

Browse Source
This commit is contained in:
Miroslav Stampar 2010-09-13 21:01:46 +00:00
parent c886659f82
commit 77a53228c5
2 changed files with 57 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
lib/controller/checks.py
View File

@ -280,32 +280,53 @@ def checkDynParam(place, parameter, value):
return condition return condition
def checkDynamicContent(firstPage, secondPage): def checkDynamicContent(*pages):
"""
This function checks if the provided pages have dynamic content. If they
are dynamic, their content differs at specific lines.
"""
infoMsg = "searching for dynamic content" infoMsg = "searching for dynamic content"
logger.info(infoMsg) logger.info(infoMsg)
for i in xrange(len(pages)):
firstPage = pages[i]
linesFirst = preparePageForLineComparison(firstPage) linesFirst = preparePageForLineComparison(firstPage)
linesSecond = preparePageForLineComparison(secondPage)
if len(linesFirst) == len(linesSecond):
lastLineNumber = None
pageLinesNumber = len(linesFirst) pageLinesNumber = len(linesFirst)
for i in range(0, pageLinesNumber): for j in xrange(i+1, len(pages)):
if (linesFirst[i] != linesSecond[i]): secondPage = pages[j]
if lastLineNumber == i - 1: linesSecond = preparePageForLineComparison(secondPage)
item = kb.dynamicContent[-1] if pageLinesNumber == len(linesSecond):
if isinstance(item.lineNumber, int): for k in xrange(0, pageLinesNumber):
item.lineNumber = [item.lineNumber] if (linesFirst[k] != linesSecond[k]):
item.lineNumber.append(i) item = DynamicContentItem(k, pageLinesNumber, \
else: linesFirst[k-1] if k > 0 else None, \
kb.dynamicContent.append(DynamicContentItem(i, pageLinesNumber, linesFirst[i-1] if i > 0 else None, linesFirst[i+1] if i < pageLinesNumber - 1 else None)) linesFirst[k+1] if k < pageLinesNumber - 1 else None)
lastLineNumber = i
randInt = getUnicode(randomInt(1)) found = None
payload = agent.fullPayload(" AND %s=%s" % (randInt, randInt)) for other in kb.dynamicContent:
result = Request.queryPage(payload) found = True
if result: if other.pageTotal == item.pageTotal:
pass #TODO: the same as above if isinstance(other.lineNumber, int):
if other.lineNumber == item.lineNumber - 1:
other.lineNumber = [other.lineNumber, item.lineNumber]
other.lineContentAfter = item.lineContentAfter
break
elif other.lineNumber == item.lineNumber + 1:
other.lineNumber = [item.lineNumber, other.lineNumber]
other.lineContentBefore = item.lineContentBefore
break
elif item.lineNumber - 1 == other.lineNumber[-1]:
other.lineNumber.append(item.lineNumber)
other.lineContentAfter = item.lineContentAfter
break
elif item.lineNumber + 1 == other.lineNumber[0]:
other.lineNumber.insert(0, item.lineNumber)
other.lineContentBefore = item.lineContentBefore
break
found = False
if not found:
kb.dynamicContent.append(item)
if kb.dynamicContent: if kb.dynamicContent:
infoMsg = "found probably removable dynamic lines" infoMsg = "found probably removable dynamic lines"

2
lib/core/common.py
View File

@ -1470,6 +1470,7 @@ def smokeTest():
logger.error(infoMsg) logger.error(infoMsg)
return retVal return retVal
class UnicodeRawConfigParser(RawConfigParser): class UnicodeRawConfigParser(RawConfigParser):
def write(self, fp): def write(self, fp):
""" """
@ -1496,6 +1497,7 @@ class UnicodeRawConfigParser(RawConfigParser):
fp.write("\n") fp.write("\n")
class DynamicContentItem: class DynamicContentItem:
""" """
Represents line in content page with dynamic properties (candidate for removal prior detection phase) Represents line in content page with dynamic properties (candidate for removal prior detection phase)